- Jan 17, 2023
-
-
Oliver Hader authored
Using CSP directive `style-src 'unsafe-inline'` seems to be fine for directly requested SVG files, since corresponding definitions are bound to the corresponding resource. Loading styles from any other external resource is still denied. Resolves: #93884 Releases: main, 11.5, 10.4 Change-Id: Ifddf8782ecaa81bf26026ae8850d8c53b7977bd7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77456 Reviewed-by:
Oliver Hader <oliver.hader@typo3.org> Tested-by:
core-ci <typo3@b13.com> Tested-by:
-
Nikita Hovratov authored
Since the introduction of always absolute (web) paths inside the TYPO3 backend, the TCA ctrl option `selicon_field` didn't work anymore since relative web paths like `fileadmin/file.png` changed to `/fileadmin/file.png`, which were not handled and resulted in a missing icon. This patch extends the condition for checking for absolute paths and prevents the GU:getFileAbsFileName method from turning web paths into empty strings. Resolves: #95572 Resolves: #97442 Related: #95027 Releases: main, 11.5 Change-Id: I1b82f71fe4f0636bd786d102f361ca60c1294af9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77431 Tested-by:
Nikita Hovratov <nikita.h@live.de> Tested-by:
-
Christian Kuhn authored
Resolves: #99582 Releases: main, 11.5 Change-Id: Ib7a0f546f025eed37bac6b494f29865494841787 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77430 Reviewed-by:
Oliver Bartsch <bo@cedev.de> Tested-by:
Oliver Klee <typo3-coding@oliverklee.de> Tested-by:
-
Georg Ringer authored
Set the argument `muted` if autoplay is enabled for vimeo and local videos - just as done for YouTube videos in #96320 Resolves: #99301 Resolves: #99461 Related: #96320 Releases: main, 11.5 Change-Id: I81848a724dc736b49c4c98c4c2f59627be169f8d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77432 Tested-by:
-
Oliver Klee authored
The new version finds some more potential problems. > composer req --dev phpstan/phpstan:^1.9.12 > ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline Resolves: #99573 Releases: main, 11.5 Change-Id: Ieee3a5881a854946cb180965e4f182b27ea05aaf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77420 Tested-by:
Christian Kuhn <lolli@schwarzbu.ch> Tested-by:
-
Christian Kuhn authored
Resolves: #99572 Releases: main, 11.5 Change-Id: I65fe76b733b6b0fce9ebb7dd54759ae673ab1755 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77418 Reviewed-by:
Jasmina Ließmann <minapokhalo+typo3@gmail.com> Tested-by:
Benni Mack <benni@typo3.org> Reviewed-by:
-
Christian Kuhn authored
Just another sanitation in lowlevel QueryGenerator. Resolves: #99568 Related: #98536 Releases: main, 11.5 Change-Id: Id7d8aa9856e7e148964bff0ef66e7c7b69bd6aaf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77414 Tested-by:
-
Torben Hansen authored
The `redirectMode=referer` configuration allows to process a redirect after a successful login to an evaluated referer value. For the legacy version of the felogin plugin, the referer value has been evaluated using the GET/POST parameter `referer` and the `HTTP_REFERER` as fallback. The extbase version of the felogin plugin currently only evaluates the GET/POST parameter `referer`. This patch adds the missing `HTTP_REFERER` fallback evaluation of the referer. Resolves: #91844 Releases: main, 11.5 Signed-off-by:
Torben Hansen <derhansen@gmail.com> Change-Id: Id4119b0425ddca09a350f4d8d8a6ebb4d3b3135b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77401 Tested-by:
-
- Jan 16, 2023
-
-
Sybille Peters authored
Checking for duplicate slugs in DataHandler will now make sure that no two fields with the same slug exist, where one of them has a language of -1. Existing records are not migrated. This could be done in a followup patch or with a community extension. When new records are created or changed which have a field of type "slug", a unique handling ensures that no records exists with the same slug (depending on the additional settings "unique", "uniqueInSite" and "uniqueInPid"). The language is considered as well: Records with the same slug can exist if the language differs. But language -1 was not considered previously. Since -1 means all language, no other record with the same slug should exist in ANY language if a record with language -1 exists. Resolves: #99529 Releases: main, 11.5 Change-Id: I919c3a3954df02cd55c701c480f6c1a8c87d84d5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77407 Tested-by:
Stefan Bürk <stefan@buerk.tech> Reviewed-by:
-
Georg Ringer authored
As the selection "explain" only works for Mysql, it should also only be displayed then. Resolves: #99512 Releases: main, 11.5 Change-Id: I93ddf86d1f63ef124feb2b72e86f32d8260ad99f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77395 Tested-by:
-
linawolf authored
Resolves: #99542 Releases: main, 11.5 Change-Id: Ifa05cc27825bc4c89dd9b08f66c03505270fd815 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77393 Tested-by:
-
Elias Häußler authored
When authenticating and fetching user records, appropriate methods normally pass around either the full database record or `false` in case the user does not exist or could not be authenticated. The expected types are now added to all relevant methods in authentication services. Resolves: #99544 Releases: main, 11.5 Change-Id: Ib45440a39e64b5ac5a1f1c4799e2f59cb13526bf Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77335 Reviewed-by:
-
- Jan 13, 2023
-
-
Philipp Kitzberger authored
When pressing the save+preview button for a non-page record the local PageTS is not being ignored anymore and leads the user to the right page in the frontend. Resolves: #96667 Releases: main, 11.5 Change-Id: Ibb3e9a549ca59bfd3a71649e2970d1d534c2c0e5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77377 Tested-by:
-
- Jan 12, 2023
-
-
Christian Kuhn authored
TCA "type=none" with "pass_content=false" (styleguide elements basic none_2) or without pass_content at all (styleguide elements basic none_4) double encodes the value. Testable using styleguide with some DB value like "l<u>i</u>p", which needs to be manually put into DB since none fields do not persist data using the backend. Note pass_content=true is documented to not hsc() the value at all, which is not true since TYPO3 v7, a htmlspecialchars() is still applied. Not encoding HTML is a potential security risk, so the patch now only fixes the "pass_content=false" and "not set" scenario to no longer double encode, and another patch will remove the pass_content option in v12 entirely with a TCA migration and deprecation note stating the option did not work since 2017 anyways. Resolves: #99522 Releases: main, 11.5 Change-Id: Ic19ad991d0f17925d5f56fb34126a7cf8f6e6aab Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77334 Tested-by:
-
- Jan 11, 2023
-
-
Markus Klein authored
The unit tests are adjusted to have strict type checking. The bug is actually covered with a test already, only the assertion was wrong. Resolves: #99521 Releases: main, 11.5 Change-Id: I52a1aa1a969bcc9d32df4ab6f43726bef671fe66 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77354 Tested-by:
-
Georg Ringer authored
Resolves: #99511 Releases: main, 11.5 Change-Id: I9657a72e68ac0fea8ee8b0d75fcaa23a3cb4ce8b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77357 Reviewed-by:
-
Christian Kuhn authored
Resolves: #98995 Releases: main, 11.5 Change-Id: I70cd2ed6ba9efe3a4e4216a61903157f1421568f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77333 Reviewed-by:
-
Christian Kuhn authored
Resolves: #99073 Releases: main, 11.5 Change-Id: Ib4d69ebd3258451af19616810730ecd33c31077d Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77328 Tested-by:
-
- Jan 10, 2023
-
-
Benni Mack authored
Change-Id: If3158f4bf2d22c41151f841ca15d87a29487b0c9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77315 Tested-by:
-
Benni Mack authored
Change-Id: I21e2782b7ccace2c49a0cf6f13dfb6b8807a2700 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77314 Reviewed-by:
-
Christoph Lehmann authored
Generating a page link leads to 2 sql queries. The first query is about a general lookup and frontend group access check. The second occurs through PageRouter::generateUri(). By passing a fully resolved and possibly overlayed page record (as object) to generateUri() instead of a pageId the second query can be omitted. Since generateUri() is public we need to make sure the page record is completely resolved and overlayed in order to reuse it. This is done with the new Page object. Resolves: #97492 Releases: main, 11.5 Change-Id: I307d6e5f53d6581deb494aa123f25bde0a7ff263 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77332 Tested-by:
-
- Jan 08, 2023
-
-
Chris Müller authored
This eases the usage for administrators running a legacy installation. Resolves: #99486 Releases: main, 11.5 Change-Id: Ibf61df760cbc80543c03f499ed40d24c68af35d2 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77225 Reviewed-by:
-
- Jan 06, 2023
-
-
Helmut Hummel authored
Accessing a not available configuration via TypoScript can be intentional (e.g. by using it in an if check). Therefore the log entry severity should rather be downgraded to a notice. Releases: 10.4, 11.5, main Resolves: #99465 Change-Id: I26ed4e96290ce6839c32cc60a7cbcf7fa24d0f2b Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77220 Tested-by:
Helmut Hummel <typo3@helhum.io> Reviewed-by:
-
Helmut Hummel authored
When this task is executed on CLI (scheduler), the global request variable is not available, thus a null check must be added before checking the instance of the value. Releases: 10.4, 11.5, main Resolves: #99464 Change-Id: Ie9c1b8e4fbc187d6ade569b1b152ce799a09a1f0 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77221 Tested-by:
-
Torben Hansen authored
Update copyright year to 2023 Resolves: #99473 Releases: main, 11.5, 10.4 Signed-off-by:
-
Sybille Peters authored
The pageId is already passed to the functon ItemProcessingService::getProcessingItems(). This is now used instead of retrieving the uid / pid from the row array. The previous behaviour could result in an exception with PHP 8.1 since the uid in the row might not be initialized if a new page is created. If a field with itemProcFunc existed for a field in the pages table. The page id which was passed to the function already handled the case of empty uid by passing the uid of the parent page. Resolves: #99295 Releases: main, 11.5 Change-Id: I9c72189c6f80e0a45cb9abfcc80541b091c126b8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77277 Tested-by:
-
Helmut Hummel authored
The setContentType method on TyposcripFrontendController was introduced to allow Extbase plugins to change the content-type header of the server http response. However this currently only works, when the Extbase plugin action is uncached. Once a plugin, that is rendered on a page ist cached in page cache, the content type of subsequent requests is always "text/html", because the value of the contentType property is not stored in cache. Storing this value into cache allows creating e.g. Json APIs as Extbase Plugins, that can be fully cached without adding hacks like modifying config.additionalHeaders Resolves: #99373 Releases: main, 11.5 Change-Id: Ibf00c9438d8763ef9d32c6ad7d00a44d3137ba13 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77269 Tested-by:
-
Daniel Siepmann authored
Requesting an none existing entry resulted in an PHP Warning in newer PHP 8.x versions. Resolves: #97554 Releases: main, 11.5 Change-Id: Ie0096b8e2fe6593aa577279d2ef843151d1af8b8 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77271 Reviewed-by:
-
- Jan 05, 2023
-
-
Oliver Bartsch authored
The search box in the file browser is now displayed again, even if no files are in the folder. This is necessary because the search works recursively. Actually, the search box was only displayed for an active search with an empty result list, due to another bug. FileSearchResultInterface is never "empty" since it's an object. This is now fixed as well. Additionally, the flash message is improved, in case no files are available for a search term. Resolves: #99447 Releases: main, 11.5 Change-Id: I970b19c7779075711f97987e80aad3f376cd5f40 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77268 Reviewed-by:
-
Oliver Bartsch authored
Resolves: #99468 Releases: main, 11.5 Change-Id: Ib22901dce1662a0216eb4e2a55061131055fbcf1 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77219 Tested-by:
-
alexander.vogt authored
Due to the introduction of the "language" TCA type, the column processing of TCA language fields in TcaSelectItems->addData was skipped and therefore the array conversion through the "processDatabaseFieldValue" method was no longer applied. The placeholder processing in TcaInputPlaceholders however expected the tables language field to be an array. This is now fixed. Resolves: #99446 Releases: main, 11.5 Change-Id: I20f456ba7066c19d2eded00079e58c4c64521eeb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77265 Tested-by:
-
- Jan 03, 2023
-
-
Christian Kuhn authored
Some bug fixes reduce list of false positives. > composer req --dev phpstan/phpstan:^1.9.5 > composer req --dev phpstan/phpstan-phpunit:^1.3.3 > ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline Resolves: #99448 Releases: main, 11.5 Change-Id: Ibc7cc259d6fd5520365ccb25652a21f4488e9597 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77246 Tested-by:
-
- Dec 29, 2022
-
-
Jochen Roth authored
Currently, mariadb is only supported up to v10.6. This has been changed up to v10.10 and jobs have been added to the ci pipeline. And on top v15 of postgres has been added for testing purposes only. Resolves: #99362 Releases: main, 11.5 Change-Id: I0202de4d3138b747b01e6cf0c32dc16b4ad398eb Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77238 Tested-by:
-
- Dec 22, 2022
-
-
Georg Ringer authored
An unnecessary quote has been added with #91016 and should be removed again. Resolves: #99402 Releases: main, 11.5, 10.4 Change-Id: I42fdda31a1110efc540cc72fd0398db5bc03675f Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77216 Tested-by:
-
Nikita Hovratov authored
Resolves: #99407 Related: #98122 Releases: main, 11.5 Change-Id: Ie5a8e894e65669e9faa3d30f908040006a0345d7 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77215 Reviewed-by:
-
André Buchmann authored
The showForgotPasswordLink setting was renamed to showForgotPassword during the refactoring to fluid templates. It is now also renamed in the TypoScript setup. The TypoScript constant name is not changed to keep compatibility. Resolves: #98122 Releases: main, 11.5 Change-Id: I1b47da42fb17504e52bca4705c8444253d6b1f76 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77213 Reviewed-by:
-
- Dec 21, 2022
-
-
Eric Bode authored
To update the Indexed Search TypoScript documentation the following tasks have been completed: * Use of `.. confval::` block * All available settings are named * Some description texts have been optimized * Code examples were created * Indentation was done with 4 spaces * Heading types were corrected * Default values were entered separately outside the body text * Missing references were corrected Releases: main, 11.5 Resolves: #99353 Resolves: #99379 Change-Id: Ice6c38607fed68347dc38617c7dea8634f073483 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77214 Tested-by:
Lina Wolf <112@linawolf.de> Reviewed-by:
-
- Dec 20, 2022
-
-
Oliver Klee authored
The new version finds some more potential problems. > composer req --dev phpstan/phpstan:^1.9.4 > composer req --dev phpstan/phpstan-phpunit:^1.3.2 > ./Build/Scripts/runTests.sh -s phpstanGenerateBaseline Change-Id: Iae41030660fc24f8e5d83546cb9e22835517a719 Resolves: #99389 Releases: main, 11.5 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77212 Tested-by:
-
- Dec 19, 2022
-
-
Oliver Bartsch authored
Resolves: #99380 Releases: main, 11.5 Change-Id: I44a4a805b4848700e30ed7127a6da62c1f4cfdde Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77138 Tested-by:
-
- Dec 16, 2022
-
-
Oliver Bartsch authored
The extension repository status check in the reports module is now skipped in composer mode. Resolves: #99385 Releases: main, 11.5 Change-Id: Ia3c049e1df5000045249a5308601bf2f75bf6ec9 Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/77137 Tested-by:
-
